See: Description
| Interface | Description |
|---|---|
| SessionAuthenticationStrategy |
Allows pluggable support for HttpSession-related behaviour when an authentication
occurs.
|
| Class | Description |
|---|---|
| ChangeSessionIdAuthenticationStrategy |
Uses
HttpServletRequest.changeSessionId() to protect against session fixation
attacks. |
| CompositeSessionAuthenticationStrategy |
A
SessionAuthenticationStrategy that accepts multiple
SessionAuthenticationStrategy implementations to delegate to. |
| ConcurrentSessionControlAuthenticationStrategy |
Strategy which handles concurrent session-control.
|
| NullAuthenticatedSessionStrategy | |
| RegisterSessionAuthenticationStrategy |
Strategy used to register a user with the
SessionRegistry after successful
Authentication. |
| SessionFixationProtectionEvent |
Indicates a session ID was changed for the purposes of session fixation protection.
|
| SessionFixationProtectionStrategy |
The default implementation of
SessionAuthenticationStrategy when using <
Servlet 3.1. |
| Exception | Description |
|---|---|
| SessionAuthenticationException |
Thrown by an SessionAuthenticationStrategy to indicate that an authentication
object is not valid for the current session, typically because the same user has
exceeded the number of sessions they are allowed to have concurrently.
|
Comes with support for: